15 changed files with 365 additions and 423 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,41 +1 @@
-/keepalived-1.2.9.tar.gz
+SOURCES/keepalived-2.1.5.tar.gz
 /keepalived-1.2.10.tar.gz
 /keepalived-1.2.11.tar.gz
 /keepalived-1.2.12.tar.gz
 /keepalived-1.2.13.tar.gz
 /keepalived-1.2.14.tar.gz
 /keepalived-1.2.15.tar.gz
 /keepalived-1.2.16.tar.gz
 /keepalived-1.2.17.tar.gz
 /keepalived-1.2.18.tar.gz
 /keepalived-1.2.19.tar.gz
 /keepalived-1.2.20.tar.gz
 /keepalived-1.2.21.tar.gz
 /keepalived-1.2.22.tar.gz
 /keepalived-1.2.23.tar.gz
 /keepalived-1.2.24.tar.gz
 /keepalived-1.3.2.tar.gz
 /keepalived-1.3.5.tar.gz
 /keepalived-1.3.6.tar.gz
 /keepalived-1.3.9.tar.gz
 /keepalived-1.4.0.tar.gz
 /keepalived-1.4.1.tar.gz
 /keepalived-1.4.2.tar.gz
 /keepalived-1.4.3.tar.gz
 /keepalived-1.4.4.tar.gz
 /keepalived-1.4.5.tar.gz
 /keepalived-2.0.5.tar.gz
 /keepalived-2.0.6.tar.gz
 /keepalived-2.0.10.tar.gz
 /keepalived-2.0.11.tar.gz
 /keepalived-2.0.12.tar.gz
 /keepalived-2.0.18.tar.gz
 /keepalived-2.0.19.tar.gz
 /keepalived-2.0.20.tar.gz
 /keepalived-2.1.5.tar.gz
 /keepalived-2.2.0.tar.gz
 /keepalived-2.2.1.tar.gz
 /keepalived-2.2.2.tar.gz
 /keepalived-2.2.3.tar.gz
 /keepalived-2.2.4.tar.gz
 /keepalived-2.2.8.tar.gz
--- a/.keepalived.metadata
+++ b/.keepalived.metadata
@ -1 +1 @@
-e35522125dcadb1f627e63f2be01f269f289c024 keepalived-2.2.8.tar.gz
+54128bc7b4f8b920028af4691be9013f25393a99 SOURCES/keepalived-2.1.5.tar.gz
--- a/SOURCES/bz1977716-revert-explicit-set-LOG_USER-facility.patch
+++ b/SOURCES/bz1977716-revert-explicit-set-LOG_USER-facility.patch
@ -0,0 +1,55 @@
 From ff476e860e91c1a814ac038ee16790a2a5b950af Mon Sep 17 00:00:00 2001
 From: Quentin Armitage <quentin@armitage.org.uk>
 Date: Mon, 18 Jan 2021 14:38:15 +0000
 Subject: [PATCH 1/2] Revert "Explicitly set LOG_USER log facility when
 syslogging"
 This reverts commit db3bcf7b891881e8e70954424f0fe88ec7d37ce0.
 This commit was just plain wrong. The facility should default to
 LOG_DAEMON (see keepalived(8) man page), but if --log-facility is
 specified, that is the facility to which log entries should be logged.
 ---
 lib/logger.c | 5 +----
 lib/logger.h | 2 +-
 2 files changed, 2 insertions(+), 5 deletions(-)
 diff --git a/lib/logger.c b/lib/logger.c
 index a0cc2048..34c83f32 100644
 --- a/lib/logger.c
 +++ b/lib/logger.c
@@ -133,7 +133,7 @@ block_signals(sigset_t *cur_set)
 #endif
 void
 -vlog_message(int facility, const char* format, va_list args)
 +vlog_message(const int facility, const char* format, va_list args)
 {
 #ifndef HAVE_SIGNALFD
 	sigset_t cur_set;
@@ -213,9 +213,6 @@ vlog_message(int facility, const char* format, va_list args)
 			restore_signals = true;
 #endif
 -		if (!(facility & LOG_FACMASK))
 -			facility |= LOG_USER;
 -
 #if HAVE_VSYSLOG
 		vsyslog(facility, format, args);
 #else
 diff --git a/lib/logger.h b/lib/logger.h
 index 7536536a..20b2a7e4 100644
 --- a/lib/logger.h
 +++ b/lib/logger.h
@@ -44,7 +44,7 @@ extern void open_log_file(const char *, const char *, const char *, const char *
 extern void flush_log_file(void);
 extern void update_log_file_perms(mode_t);
 #endif
 -extern void vlog_message(int facility, const char* format, va_list args)
 +extern void vlog_message(const int facility, const char* format, va_list args)
 	__attribute__ ((format (printf, 2, 0)));
 extern void log_message(int priority, const char* format, ...)
 	__attribute__ ((format (printf, 2, 3)));
 -- 
 2.31.1
--- a/SOURCES/bz1977716-use-LOG_DAEMON-facility-by-default.patch
+++ b/SOURCES/bz1977716-use-LOG_DAEMON-facility-by-default.patch
@ -0,0 +1,165 @@
 From 75ea1d31c17f4bb3a73590167658310bc9f67149 Mon Sep 17 00:00:00 2001
 From: Quentin Armitage <quentin@armitage.org.uk>
 Date: Mon, 18 Jan 2021 14:57:30 +0000
 Subject: [PATCH 2/2] all: log to LOG_DAEMON facility by default
 keepalived(8) man page states that the default log facility is LOG_DAEMON.
 Commit db3bcf7 - "Explicitly set LOG_USER log facility when syslogging"
 incorrectly set the facility to LOG_USER, and that has now been reverted.
 However, with that reverted, by default the VRRP process logs to LOG_LOCAL1
 and the checker and BFD processes log to LOG_LOCAL2, contrary to the
 documentation.
 Since no-one has commented that logs were not going to LOG_LOCAL1/2 since
 commit db3bcf7 (April 28 2020), it is safe to assume that no-one was relying
 on that. This commit therefore reverts to the documentation and by default
 logs everything to the LOG_DAEMON facility.
 Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
 ---
 keepalived/bfd/bfd_daemon.c     |  3 +--
 keepalived/check/check_daemon.c |  3 +--
 keepalived/core/main.c          |  7 +++----
 keepalived/include/main.h       |  1 -
 keepalived/vrrp/vrrp_daemon.c   |  3 +--
 lib/logger.c                    |  2 ++
 lib/logger.h                    | 10 ++++++++++
 7 files changed, 18 insertions(+), 11 deletions(-)
 diff --git a/keepalived/bfd/bfd_daemon.c b/keepalived/bfd/bfd_daemon.c
 index cf74eee3..47d87892 100644
 --- a/keepalived/bfd/bfd_daemon.c
 +++ b/keepalived/bfd/bfd_daemon.c
@@ -396,8 +396,7 @@ start_bfd_child(void)
 	/* Opening local BFD syslog channel */
 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
 -		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
 -				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL2 : log_facility);
 +		open_syslog(syslog_ident);
 #ifdef ENABLE_LOG_TO_FILE
 	if (log_file_name)
 diff --git a/keepalived/check/check_daemon.c b/keepalived/check/check_daemon.c
 index 5e03cc4c..63bdf07b 100644
 --- a/keepalived/check/check_daemon.c
 +++ b/keepalived/check/check_daemon.c
@@ -689,8 +689,7 @@ start_check_child(void)
 	/* Opening local CHECK syslog channel */
 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
 -		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
 -				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL2 : log_facility);
 +		open_syslog(syslog_ident);
 #ifdef ENABLE_LOG_TO_FILE
 	if (log_file_name)
 diff --git a/keepalived/core/main.c b/keepalived/core/main.c
 index be4488ea..756b2f12 100644
 --- a/keepalived/core/main.c
 +++ b/keepalived/core/main.c
@@ -149,7 +149,6 @@ static const struct child_term children_term[] = {
 /* global var */
 const char *version_string = VERSION_STRING;		/* keepalived version */
 const char *conf_file = KEEPALIVED_CONFIG_FILE;		/* Configuration file */
 -int log_facility = LOG_DAEMON;				/* Optional logging facilities */
 bool reload;						/* Set during a reload */
 const char *main_pidfile;				/* overrule default pidfile */
 static bool free_main_pidfile;
@@ -2087,7 +2086,7 @@ keepalived_main(int argc, char **argv)
 	umask(umask_val);
 	/* Open log with default settings so we can log initially */
 -	openlog(PACKAGE_NAME, LOG_PID, log_facility);
 +	open_syslog(PACKAGE_NAME);
 #ifdef _MEM_CHECK_
 	mem_log_init(PACKAGE_NAME, "Parent process");
@@ -2128,7 +2127,7 @@ keepalived_main(int argc, char **argv)
 	if (parse_cmdline(argc, argv)) {
 		closelog();
 		if (!__test_bit(NO_SYSLOG_BIT, &debug))
 -			openlog(PACKAGE_NAME, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0) , log_facility);
 +			open_syslog(PACKAGE_NAME);
 	}
 	if (__test_bit(LOG_CONSOLE_BIT, &debug))
@@ -2212,7 +2211,7 @@ keepalived_main(int argc, char **argv)
 		if ((syslog_ident = make_syslog_ident(PACKAGE_NAME))) {
 			log_message(LOG_INFO, "Changing syslog ident to %s", syslog_ident);
 			closelog();
 -			openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility);
 +			open_syslog(syslog_ident);
 		}
 		else
 			log_message(LOG_INFO, "Unable to change syslog ident");
 diff --git a/keepalived/include/main.h b/keepalived/include/main.h
 index 3e013bb6..6a34797b 100644
 --- a/keepalived/include/main.h
 +++ b/keepalived/include/main.h
@@ -51,7 +51,6 @@ enum daemon_bits {
 extern const char *version_string;	/* keepalived version */
 extern unsigned long daemon_mode;	/* Which child processes are run */
 extern const char *conf_file;		/* Configuration file */
 -extern int log_facility;		/* Optional logging facilities */
 #ifdef _WITH_VRRP_
 extern pid_t vrrp_child;		/* VRRP child process ID */
 extern const char *vrrp_pidfile;	/* overrule default pidfile */
 diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
 index baa5f5f2..e22f8a81 100644
 --- a/keepalived/vrrp/vrrp_daemon.c
 +++ b/keepalived/vrrp/vrrp_daemon.c
@@ -974,8 +974,7 @@ start_vrrp_child(void)
 		syslog_ident = PROG_VRRP;
 	if (!__test_bit(NO_SYSLOG_BIT, &debug))
 -		openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0)
 -				    , (log_facility==LOG_DAEMON) ? LOG_LOCAL1 : log_facility);
 +		open_syslog(syslog_ident);
 #ifdef ENABLE_LOG_TO_FILE
 	if (log_file_name)
 diff --git a/lib/logger.c b/lib/logger.c
 index 34c83f32..7fad8ac6 100644
 --- a/lib/logger.c
 +++ b/lib/logger.c
@@ -40,6 +40,8 @@
 /* Boolean flag - send messages to console as well as syslog */
 static bool log_console = false;
 +int log_facility = LOG_DAEMON;				/* Optional logging facilities */
 +
 #ifdef ENABLE_LOG_TO_FILE
 /* File to write log messages to */
 const char *log_file_name;
 diff --git a/lib/logger.h b/lib/logger.h
 index 20b2a7e4..c6f29138 100644
 --- a/lib/logger.h
 +++ b/lib/logger.h
@@ -30,8 +30,13 @@
 #include <sys/stat.h>
 #endif
 +#include "bitops.h"
 +#include "utils.h"
 +
 #define	MAX_LOG_MSG	255
 +extern int log_facility;		/* Optional logging facilities */
 +
 #ifdef ENABLE_LOG_TO_FILE
 extern const char *log_file_name;
 #endif
@@ -51,4 +56,9 @@ extern void log_message(int priority, const char* format, ...)
 extern void conf_write(FILE *fp, const char *format, ...)
 	__attribute__ ((format (printf, 2, 3)));
 +static inline void
 +open_syslog(const char *ident)
 +{
 +	openlog(ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility);
 +}
 #endif
 -- 
 2.31.1
--- a/SOURCES/bz2028350-fix-dbus-policy-restrictions.patch
+++ b/SOURCES/bz2028350-fix-dbus-policy-restrictions.patch
@ -0,0 +1,41 @@
 From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
 From: Vincent Bernat <vincent@bernat.ch>
 Date: Tue, 23 Nov 2021 06:50:59 +0100
 Subject: [PATCH] dbus: fix policy to not be overly broad
 The DBus policy did not restrict the message destination, allowing any
 user to inspect and manipulate any property.
 Signed-off-by: Vincent Bernat <vincent@bernat.ch>
 ---
 keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
 diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
 index 2b78a575..b5ced608 100644
 --- a/keepalived/dbus/org.keepalived.Vrrp1.conf
 +++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
@@ -3,12 +3,15 @@
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
 	<policy user="root">
 -		<allow own="org.keepalived.Vrrp1"/>
 -		<allow send_destination="org.keepalived.Vrrp1"/>
 +		<allow own="org.keepalived.Vrrp1" />
 +		<allow send_destination="org.keepalived.Vrrp1" />
 	</policy>
 	<policy context="default">
 -		<allow send_interface="org.freedesktop.DBus.Introspectable" />
 -		<allow send_interface="org.freedesktop.DBus.Peer" />
 -		<allow send_interface="org.freedesktop.DBus.Properties" />
 +		<allow send_destination="org.keepalived.Vrrp1"
 +		       send_interface="org.freedesktop.DBus.Introspectable" />
 +		<allow send_destination="org.keepalived.Vrrp1"
 +		       send_interface="org.freedesktop.DBus.Peer" />
 +		<allow send_destination="org.keepalived.Vrrp1"
 +		       send_interface="org.freedesktop.DBus.Properties" />
 	</policy>
 </busconfig>
 -- 
 2.33.1
--- a/SOURCES/bz2054249-fix-unweighted-track-scripts.patch
+++ b/SOURCES/bz2054249-fix-unweighted-track-scripts.patch
@ -0,0 +1,41 @@
 From d93b2051641ebfc4c5dcdc405ed0f26b9bcaa65a Mon Sep 17 00:00:00 2001
 From: Quentin Armitage <quentin@armitage.org.uk>
 Date: Sat, 25 Jul 2020 10:13:32 +0100
 Subject: [PATCH] vrrp: Don't remove unweighted track scripts from sync group
 members
 Commit 3390697 - "vrrp: rewrote framework using list_head_t design"
 cleared the track_script list for any vrrp instance that was in a
 sync group. This was due to the old list structure allocating memory
 which had to be freed if the list was empty, but that is no longer
 the case with list_head.
 Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
 ---
 keepalived/vrrp/vrrp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c
 index c8967eef..c7ded6b4 100644
 --- a/keepalived/vrrp/vrrp.c
 +++ b/keepalived/vrrp/vrrp.c
@@ -3406,7 +3406,7 @@ vrrp_complete_instance(vrrp_t * vrrp)
 		free_track_if_list(&vrrp->track_ifp);
 		/* Ignore any weighted script */
 -		list_for_each_entry_safe(sc, sc_tmp, &vrrp->track_script,e_list) {
 +		list_for_each_entry_safe(sc, sc_tmp, &vrrp->track_script, e_list) {
 			if (sc->weight) {
 				report_config_error(CONFIG_GENERAL_ERROR, "(%s) ignoring "
 									  "tracked script %s with weights due to %s"
@@ -3417,7 +3417,6 @@ vrrp_complete_instance(vrrp_t * vrrp)
 				free_track_script(sc);
 			}
 		}
 -		free_track_script_list(&vrrp->track_script);
 		/* Set tracking files to unweighted if weight not explicitly set, otherwise ignore */
 		list_for_each_entry_safe(tfl, tfl_tmp, &vrrp->track_file, e_list) {
 -- 
 2.33.1
--- a/SOURCES/keepalived.service
+++ b/SOURCES/keepalived.service
@ -4,12 +4,11 @@ After=network-online.target syslog.target
 Wants=network-online.target
 [Service]
-Type=notify
+Type=forking
-NotifyAccess=all
+PIDFile=/var/run/keepalived.pid
 PIDFile=/run/keepalived.pid
 KillMode=process
 EnvironmentFile=-/etc/sysconfig/keepalived
-ExecStart=/usr/sbin/keepalived --dont-fork $KEEPALIVED_OPTIONS
+ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 [Install]
--- a/SPECS/keepalived.spec
+++ b/SPECS/keepalived.spec
@ -1,8 +1,7 @@
 %bcond_without snmp
 %bcond_without vrrp
 %bcond_without sha1
-%bcond_without json
+%bcond_with iptables
 %bcond_without nftables
 %bcond_with profile
 %bcond_with debug
@ -10,14 +9,20 @@
 Name: keepalived
 Summary: High Availability monitor built upon LVS, VRRP and service pollers
-Version: 2.2.8
+Version: 2.1.5
-Release: 3%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 URL: http://www.keepalived.org/
 Group: System Environment/Daemons
 Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
 Source1: keepalived.service
 Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
 Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
 Patch3: bz2028350-fix-dbus-policy-restrictions.patch
 Patch4: bz2054249-fix-unweighted-track-scripts.patch
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@ -25,21 +30,16 @@ Requires(postun): systemd
 %if %{with snmp}
 BuildRequires: net-snmp-devel
 %endif
-%if %{with nftables}
+%if %{with iptables}
 BuildRequires: libmnl-devel
 BuildRequires: libnftnl-devel
 %else
 BuildRequires: ipset-devel
 BuildRequires: iptables-devel
 %endif
 BuildRequires: gcc
 BuildRequires: automake
 BuildRequires: systemd-units
 BuildRequires: systemd-devel
 BuildRequires: openssl-devel
 BuildRequires: libnl3-devel
 BuildRequires: libnfnetlink-devel
 BuildRequires: file-devel
 BuildRequires: make
 %description
 Keepalived provides simple and robust facilities for load balancing
@ -57,16 +57,19 @@ infrastructures.
 %prep
 %setup -q
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %build
 %configure \
    %{?with_debug:--enable-debug} \
    %{?with_profile:--enable-profile} \
    %{!?with_vrrp:--disable-vrrp} \
    %{!?with_iptables:--disable-libiptc --disable-ipset} \
    %{?with_snmp:--enable-snmp --enable-snmp-rfc} \
    %{?with_nftables:--enable-nftables --disable-iptables} \
    %{?with_sha1:--enable-sha1} \
    %{?with_json:--enable-json} \
    --with-init=systemd
 %{__make} %{?_smp_mflags} STRIP=/bin/true
@ -75,8 +78,6 @@ rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
 rm -rf %{buildroot}%{_initrddir}/
 rm -rf %{buildroot}%{_sysconfdir}/keepalived/samples/
 mv %{buildroot}%{_sysconfdir}/keepalived/keepalived.conf.sample \
   %{buildroot}%{_sysconfdir}/keepalived/keepalived.conf
 %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service
 mkdir -p %{buildroot}%{_libexecdir}/keepalived
@ -90,6 +91,7 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %systemd_postun_with_restart keepalived.service
 %files
 %defattr(-,root,root,-)
 %attr(0755,root,root) %{_sbindir}/keepalived
 %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/keepalived
 %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/keepalived/keepalived.conf
@ -109,146 +111,64 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man8/keepalived.8*
 %changelog
-* Fri Jun 30 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-2
+* Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
- Fix keepalived.conf installation (#2215308)
+- Fix removal of unweighted track scripts from sync group (#2054249)
-* Thu Jun 15 2023 Ryan O'Hara <rohara@redhat.com> - 2.2.8-1
+* Tue Jan 18 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-8
- Update to 2.2.8 (#2215308)
+- Fix DBus policy restrictions (#2028350, CVE-2021-44225)
-* Fri Dec 23 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-6
+* Fri Oct 29 2021 Ryan O'Hara <rohara@redhat.com> - 2.1.5-7
- Fix unterminated endif in previous patch (#2134749)
+- Fix log-facility option (#197716)
-* Thu Dec 22 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-5
+* Tue Dec 15 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-6
- Fix memory leak in https checks (#2134749)
+- Fix changelog
-* Thu Dec 22 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-4
+* Tue Oct 20 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-5
- Fix variable substitution in consditional lines (#2101493)
+- Update to 2.1.5 (#1889440)
 - Fix intermittent child lost messages (#1868077)
 * Tue Jun 16 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-11
 - Fix vrrp_script execution (#1683438)
-* Thu Dec 22 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-3
+* Mon Feb 24 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-10
- Enable JSON support (#2129819)
+- Disable libiptc/ipset (#1806642)
-* Mon Feb 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-2
+* Thu Jan 30 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.10-9
- Fix DBus policy restrictions (#2028351, CVE-2021-44225)
+- Fix FAULT state when interface is renamed (#1792160)
-* Mon Aug 23 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.4-1
+* Mon Jul 08 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-7
- Update to 2.2.4 (#1968596)
+- Add gating tests (#1682114)
-* Mon Aug 16 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.3-2
+* Wed May 01 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-6
- Add gating tests (#1968596)
+- Fix segfault when smtp alerts configured (#1693706)
 - Fix double free when smtp_helo_name copied from local_name (#1693706)
-* Mon Aug 16 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.3-1
+* Wed Mar 27 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-5
- Update to 2.2.3 (#1968596)
+- Bump release nummber (#1688892)
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com>
+* Mon Mar 18 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Rework fix for OpenSSL initialization segfault (#1688892)
  Related: rhbz#1991688
-* Sat Aug 07 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-5
+* Fri Mar 15 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.10-2
- Ignore badfuncs error in rpminspect (#1968596)
+- Fix OpenSSL initialization segfault (#1688892)
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.2-4
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
 * Tue Jun 08 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-3
 - Add systemd notify support (#1968596)
 * Tue Jun 08 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-2
 - Fix build errors (#1968596)
 * Mon Jun 07 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.2-1
 - Update to 2.2.2 (#1968596)
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.1-3
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Mon Jan 18 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.1-1
 - Update to 2.2.1 (#1917152)
 * Thu Jan 14 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.0-1
 - Update to 2.2.0 (#1914512)
 * Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 2.1.5-3
 - Rebuilt for new net-snmp release
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 15 2020 Ryan O'Hara <rohara@redhat.com> - 2.1.5-1
 - Update to 2.1.5 (#1794135)
 * Tue Feb 18 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.20-3
 - Build with nftables support instead of iptables
 * Thu Feb 13 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.20-2
 - Remove unused patches
 * Wed Feb 12 2020 Ryan O'Hara <rohara@redhat.com> - 2.0.20-1
 - Update to 2.0.20 (#1794135)
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.19-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Tue Nov 12 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-4
 - Fix file descriptor errors on reload
 * Tue Nov 12 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-3
 - Fix track_process with PIDs over 32767 (#1770766)
 * Wed Nov 06 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-2
 - Enable nftables support (#1769278)
 * Wed Nov 06 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.19-1
 - Update to 2.0.19 (#1763424)
 * Tue Jul 30 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.18-2
 - Change pidfile directory (#1712730)
 * Tue Jul 30 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.18-1
 - Update to 2.0.18 (#1678397)
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.12-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Tue Jun 25 2019 Björn Esser <besser82@fedoraproject.org> - 2.0.12-2
 - Rebuilt (iptables)
 * Mon Feb 04 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.12-1
 - Update to 2.0.12 (#1576138)
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.11-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Jan 09 2019 Ryan O'Hara <rohara@redhat.com> - 2.0.11-1
 - Update to 2.0.11
 * Mon Nov 26 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.10-1
- Update to 2.0.10
+- Update to 2.0.10 (#1631816)
- Fix improper pathname validation (#1651864, CVE-2018-19044)
+
- Fix insecure permissions when creating temporary files (#1651868, CVE-2018-19045)
+* Mon Oct 08 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.7-2
- Fix insecure use of temporary files (#1651870, CVE-2018-19046)
+- Remove BuildRequires for ipset-devel
- Fix buffer overflow when parsing HTTP status codes (#1651873, CVE-2018-19047)
+
 * Tue Oct 02 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.7-1
 - Update to 2.0.7 (#1631816)
 * Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 2.0.6-2
 - Rebuild for Net-SNMP
 * Wed Jul 25 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.6-1
- Update to 2.0.6 (#1576138)
+- Update to 2.0.6
 * Tue Jul 24 2018 Adam Williamson <awilliam@redhat.com> - 2.0.5-3
 - Rebuild for new net-snmp
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Tue Jul 03 2018 Ryan O'Hara <rohara@redhat.com> - 2.0.5-1
- Update to 2.0.5 (#1576138)
+- Update to 2.0.5
 * Mon Jul 02 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.5-1
 - Update to 1.4.5
 * Thu May 10 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.4-1
 - Update to 1.4.4 (#1576138)
 * Thu Apr 19 2018 Ryan O'Hara <rohara@redhat.com> - 1.4.3-1
 - Update to 1.4.3 (#1565388)
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-9
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/keepalived.init
+++ b/keepalived.init
@ -1,110 +0,0 @@
 #!/bin/sh
 #
 # keepalived   High Availability monitor built upon LVS and VRRP
 #
 # chkconfig:   - 86 14
 # description: Robust keepalive facility to the Linux Virtual Server project \
 #              with multilayer TCP/IP stack checks.
 ### BEGIN INIT INFO
 # Provides: keepalived
 # Required-Start: $local_fs $network $named $syslog
 # Required-Stop: $local_fs $network $named $syslog
 # Should-Start: smtpdaemon httpd
 # Should-Stop: smtpdaemon httpd
 # Default-Start: 
 # Default-Stop: 0 1 2 3 4 5 6
 # Short-Description: High Availability monitor built upon LVS and VRRP
 # Description:       Robust keepalive facility to the Linux Virtual Server
 #                    project with multilayer TCP/IP stack checks.
 ### END INIT INFO
 # Source function library.
 . /etc/rc.d/init.d/functions
 exec="/usr/sbin/keepalived"
 prog="keepalived"
 config="/etc/keepalived/keepalived.conf"
 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 lockfile=/var/lock/subsys/$prog
 start() {
    [ -x $exec ] || exit 5
    [ -e $config ] || exit 6
    echo -n $"Starting $prog: "
    daemon $exec $KEEPALIVED_OPTIONS
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
 }
 stop() {
    echo -n $"Stopping $prog: "
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
 }
 restart() {
    stop
    start
 }
 reload() {
    echo -n $"Reloading $prog: "
    killproc $prog -1
    retval=$?
    echo
    return $retval
 }
 force_reload() {
    restart
 }
 rh_status() {
    status $prog
 }
 rh_status_q() {
    rh_status &>/dev/null
 }
 case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
 esac
 exit $?
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -1,3 +0,0 @@
 ---
 inspections:
    badfuncs: off
--- a/1
+++ b/1
@ -1 +0,0 @@
 SHA512 (keepalived-2.2.8.tar.gz) = dc0ab5b0ef8911a7859422eccc2771a40e942236c855a628158ed748eb5f7dc4b6f4850e9c3057e81fd9d2daa640ab51fb1d7af12748a613280a217b333eb06b
--- a/tests/keepalived.conf.in
+++ b/tests/keepalived.conf.in
@ -1,17 +0,0 @@
 global_defs {
    router_id TEST
 }
 vrrp_instance VRRP {
    state MASTER
    priority 100
    advert_int 1
    interface eth0
    virtual_router_id 100
    virtual_ipaddress {
        $VIP_INCLUDE
    }
    virtual_ipaddress_excluded {
        $VIP_EXCLUDE
    }
 }
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@ -1,91 +0,0 @@
 #!/bin/sh
 export VIP_INCLUDE="192.168.1.101"
 export VIP_EXCLUDE="192.168.1.102"
 echo -ne "[debug]: setting up config file ... "
 envsubst '${VIP_INCLUDE},${VIP_EXCLUDE}' < ./keepalived.conf.in > /etc/keepalived/keepalived.conf
 if [ $? -ne 0 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 echo -ne "[debug]: starting service ... "
 systemctl start keepalived
 if [ $? -ne 0 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 echo -ne "[debug]: checking service active ... "
 systemctl -q is-active keepalived
 if [ $? -ne 0 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 sleep 5
 echo -ne "[debug]: checking included VIP ... "
 ip addr show eth0 | grep -q ${VIP_INCLUDE}
 if [ $? -ne 0 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 echo -ne "[debug]: checking excluded VIP ... "
 ip addr show eth0 | grep -q ${VIP_EXCLUDE}
 if [ $? -ne 0 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 echo -ne "[debug]: stopping service ... "
 systemctl stop keepalived
 if [ $? -ne 0 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 echo -ne "[debug]: checking service inactive ... "
 systemctl -q is-active keepalived
 if [ $? -ne 3 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 sleep 5
 echo -ne "[debug]: checking include VIP ... "
 ip addr show eth0 | grep -q ${VIP_INCLUDE}
 if [ $? -ne 1 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 echo -ne "[debug]: checking exclude VIP ... "
 ip addr show eth0 | grep -q ${VIP_EXCLUDE}
 if [ $? -ne 1 ] ; then
    echo "FAIL"
    exit 1
 else
    echo "OK"
 fi
 exit 0
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,11 +0,0 @@
 - hosts: localhost
  roles:
  - role: standard-test-basic
    tags:
    - classic
    tests:
    - simple:
        dir: .
        run: ./run_tests.sh
    required_packages:
     - gettext
`@ -1 +1 @@`
	`e35522125dcadb1f627e63f2be01f269f289c024 keepalived-2.2.8.tar.gz`	`54128bc7b4f8b920028af4691be9013f25393a99 SOURCES/keepalived-2.1.5.tar.gz`
		`@ -1 +0,0 @@`
			`SHA512 (keepalived-2.2.8.tar.gz) = dc0ab5b0ef8911a7859422eccc2771a40e942236c855a628158ed748eb5f7dc4b6f4850e9c3057e81fd9d2daa640ab51fb1d7af12748a613280a217b333eb06b`